I've managed an IDS in the past and conducted some IDS research for a former employer, but it's been several years since I did any hands-on IDS monitoring so I feel like I'm lacking a current perspective.
The argument that I've always accepted is Bejtlich's "prevention eventually fails." I still think that argument is valid and can see the value of monitoring systems, logging, keeping session/statistical data both for detection and response, etc. But, I wonder what value IDS actually gives us.
Consider Snort: let's say we remove all of the signatures that aren't applicable to our environment (e.g. remove Oracle rules if we don't run Oracle), remove all of the rules that are too out of date to matter (e.g. teardrop), and also remove all of the rules for things that we're blocking anyway. Once we do that, how much is really left, and what are the odds that, if we do undergo a serious attack, the remaining rules will alert us to it?
Although prevention eventually fails, the detection systems that we put into place are only valuable if they are able to detect malicious activity when prevention fails. Otherwise, we don't gain any additional security.
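As an added illustration (not part of the question above, and not code from Snort or any ruleset vendor), the script below applies the three pruning steps the question describes to a small constructed Snort 2 ruleset: drop rules for software we don't run (by the VRT-style category prefix in `msg`), drop retired rules (by sid), and drop inbound rules whose destination port the perimeter firewall already blocks. It then reports what survives and whether the survivors watch inbound exploit attempts or outbound post-compromise traffic, which is the question's real concern. The rules, sids, category names and the `PrunePolicy` values are all made up for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample ruleset in Snort 2 syntax. The rules, sids and messages are
# invented for this example and are not taken from any real Snort ruleset.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 1521 (msg:"SERVER-ORACLE tns overflow attempt"; sid:9000001; rev:2; classtype:attempted-admin;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 3306 (msg:"SERVER-MYSQL authentication bypass attempt"; sid:9000002; rev:1; classtype:attempted-admin;)
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS Teardrop attack"; sid:9000003; rev:5; classtype:attempted-dos;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"PROTOCOL-TELNET login buffer overflow attempt"; sid:9000004; rev:1; classtype:attempted-admin;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"OS-WINDOWS SMB remote code execution attempt"; sid:9000005; rev:3; classtype:attempted-admin;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP directory traversal attempt"; sid:9000006; rev:2; classtype:web-application-attack;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"MALWARE-CNC known beacon outbound"; sid:9000007; rev:1; classtype:trojan-activity;)
# comment lines and blank lines are ignored by the parser
"""

# Rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)
MSG_RE = re.compile(r'msg:\s*"([^"]*)"')
SID_RE = re.compile(r'\bsid:\s*(\d+)')
CLASSTYPE_RE = re.compile(r'\bclasstype:\s*([\w-]+)')


@dataclass
class Rule:
    raw: str
    proto: str
    src: str
    dst: str
    dport: str
    msg: str
    sid: int
    classtype: str

    @property
    def category(self) -> str:
        # VRT-style rules lead the msg with a category token, e.g. "SERVER-ORACLE".
        return self.msg.split()[0] if self.msg else ""


def parse_rules(text: str) -> list:
    """Parse Snort 2 rule lines into Rule objects, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line}")
        opts = m.group("opts")
        msg, sid, ct = MSG_RE.search(opts), SID_RE.search(opts), CLASSTYPE_RE.search(opts)
        rules.append(Rule(raw=line, proto=m.group("proto"), src=m.group("src"),
                          dst=m.group("dst"), dport=m.group("dport"),
                          msg=msg.group(1) if msg else "",
                          sid=int(sid.group(1)) if sid else 0,
                          classtype=ct.group(1) if ct else ""))
    return rules


@dataclass
class PrunePolicy:
    unused_categories: set = field(default_factory=set)      # software we don't run
    retired_sids: set = field(default_factory=set)           # attacks too old to matter
    blocked_inbound_ports: set = field(default_factory=set)  # dropped at the perimeter


def prune_reason(rule: Rule, policy: PrunePolicy):
    """Return why a rule should be dropped under the policy, or None to keep it."""
    if rule.category in policy.unused_categories:
        return "unused service"
    if rule.sid in policy.retired_sids:
        return "retired"
    inbound = rule.src == "$EXTERNAL_NET" and rule.dst == "$HOME_NET"
    if inbound and rule.dport.isdigit() and int(rule.dport) in policy.blocked_inbound_ports:
        return "blocked at perimeter"
    return None


def prune(rules, policy):
    """Split rules into the kept list and a {sid: reason} map of dropped rules."""
    kept, dropped = [], {}
    for r in rules:
        reason = prune_reason(r, policy)
        if reason is None:
            kept.append(r)
        else:
            dropped[r.sid] = reason
    return kept, dropped


def direction_summary(rules):
    """Count inbound (exploit-attempt) vs outbound (post-compromise) rules."""
    summary = {"inbound": 0, "outbound": 0, "other": 0}
    for r in rules:
        if r.src == "$EXTERNAL_NET" and r.dst == "$HOME_NET":
            summary["inbound"] += 1
        elif r.src == "$HOME_NET" and r.dst == "$EXTERNAL_NET":
            summary["outbound"] += 1
        else:
            summary["other"] += 1
    return summary


# Assumed policy for the constructed environment: no Oracle, teardrop retired,
# telnet and SMB blocked inbound at the firewall.
EXAMPLE_POLICY = PrunePolicy(unused_categories={"SERVER-ORACLE"},
                             retired_sids={9000003},
                             blocked_inbound_ports={23, 445})

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    kept, dropped = prune(rules, EXAMPLE_POLICY)
    print(f"{len(rules)} rules loaded, {len(kept)} kept, {len(dropped)} dropped")
    for sid, why in dropped.items():
        print(f"  dropped sid {sid}: {why}")
    print("remaining by direction:", direction_summary(kept))
```

On the constructed set, 7 rules shrink to 3, and only one of the survivors looks at outbound traffic. That ratio is the useful output of the exercise: after pruning, the inbound rules left are the ones that detect attempts against services the firewall actually exposes, and the outbound rules are the ones that fire once prevention has already failed, so a ruleset with few of the latter is the situation the question worries about.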